svchost.exe

  • Thread starter: DaveP
From: "dP" <[email protected]>


| I am as sure as I can be. I have run scans that are now coming up clean.
| Used different scanners.
| Do you have any suggestions to be REALLY sure?
|
| System resources are no longer being taken over. All firewall logs are now
| quiet. No unexplained activity. I am open to any suggestions you may have
| to make sure it is clean.
|
| DaveP
|

Have you used programs such as AutoRuns and Process Explorer?

Have you used an Anti RootKit utility such as Gmer?
 
David H. Lipman said:
From: "dP" <[email protected]>


| I am as sure as I can be. I have run scans that are now coming up clean.
| Used different scanners.
| Do you have any suggestions to be REALLY sure?
|
| System resources are no longer being taken over. All firewall logs are now
| quiet. No unexplained activity. I am open to any suggestions you may have
| to make sure it is clean.
|
| DaveP
|

Have you used programs such as AutoRuns and Process Explorer?

Have you used an Anti RootKit utility such as Gmer?

I have and did use Process Explorer. I did not find this file using Process
Explorer. I do not see any unidentifiable processes using Process Explorer.
Unfamiliar with the others.

DaveP
 
The Recovery Console is an effective way to deal with such a file. Load the Recovery
Console. Rename the file and it will no longer be able to be loaded and you can then go
about cleaning the PC as well as submitting it to places like VirusTotal to understand what
it is and what it does.

I can get them killed if I can find them. It's the finding part that is a
challenge at times.
 
Have you used an Anti RootKit utility such as Gmer?


Thanks for the heads up on Gmer. I have downloaded it and added it to my
collection of tools.

daveP
 
No problem, I finally found a file "hmq26.sys" that was loading as a device.
It did take some time to do a file by file search to find this culprit.
Then a major manual registry cleaning to follow. At this time I do believe
that I am clean.
I appreciate your input.

DaveP

Glad you got it! Cheers.

- Thee Chicago Wolf
 
I am not real comfortable handling this file. I would have to turn my
anti-virus protection off to send the file. It is picked up with my virus
scanner since it does not load as a device on boot. Apparently when it is
loaded as a device it is locked and not able to be scanned. I am not in a
hurry to be reinfected by this file.

Is it possible to ZIP or RAR it?

- Thee Chicago Wolf
 
I have run Gmer, CatchMe, SDfix, Ad-Aware 2007 and Avast.
SDfix found one small thing. Looks great.
Thanks for all your input.

DaveP
 
From: "DaveP" <[email protected]>

| I have run Gmer, CatchMe, SDfix, Ad-Aware 2007 and Avast.
| SDfix found one small thing. Looks great.
| Thanks for all your input.
|
| DaveP
|

No sweat. I would still like that file or files :-)
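
A scripted alternative to the file-by-file search described in the thread, as an added example that is not part of the original posts: it lists every driver service registered under `HKLM:\SYSTEM\CurrentControlSet\Services` and reports those whose image is missing from disk or lacks a valid Authenticode signature. The function names are hypothetical, it assumes an elevated 64-bit PowerShell 3.0 or later, and an active rootkit can hide its own entries, so output from a running system is a starting point rather than proof of a clean machine.

```powershell
# Added example (not from the thread): audit registered driver services.
# Registry "Type" 1 = kernel driver, 2 = file-system driver.
# Registry "Start" 0..4 = Boot, System, Auto, Demand, Disabled.
$startNames = 'Boot', 'System', 'Auto', 'Demand', 'Disabled'

function Resolve-DriverPath {
    param([string]$Name, [string]$ImagePath)
    # A driver with no ImagePath value defaults to System32\drivers\<name>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { $ImagePath = "System32\drivers\$Name.sys" }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                      # strip the NT "\??\" prefix
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p.TrimStart('\') }
    return $p
}

function Get-SuspectDriver {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($svc.Type -notin 1, 2) { return }             # skip non-driver services
        $path = Resolve-DriverPath -Name $_.PSChildName -ImagePath $svc.ImagePath
        $finding = $null
        if (-not (Test-Path -LiteralPath $path)) {
            # Registered to load, but the file cannot be seen from the running OS
            $finding = 'Image missing or hidden from the file system'
        } else {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.Status -ne 'Valid') { $finding = "Signature status: $($sig.Status)" }
        }
        if ($finding) {
            [pscustomobject]@{
                Service = $_.PSChildName
                Start   = if ($svc.Start -in 0..4) { $startNames[$svc.Start] } else { 'Unknown' }
                Path    = $path
                Finding = $finding
            }
        }
    }
}

# Boot- and System-start entries are the ones that load before most scanners run
Get-SuspectDriver | Sort-Object Start, Service | Format-Table -AutoSize -Wrap
```

Older Windows versions may report catalog-signed in-box drivers as `NotSigned`, so treat each finding as a lead to verify, not a verdict.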
 